summaryrefslogtreecommitdiff
path: root/templates/vpn
diff options
context:
space:
mode:
Diffstat (limited to 'templates/vpn')
-rw-r--r--templates/vpn/ipsec/esp-group/node.def4
-rw-r--r--templates/vpn/ipsec/esp-group/node.tag/compression/node.def5
-rw-r--r--templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def3
-rw-r--r--templates/vpn/ipsec/esp-group/node.tag/mode/node.def5
-rw-r--r--templates/vpn/ipsec/esp-group/node.tag/pfs/node.def9
-rw-r--r--templates/vpn/ipsec/esp-group/node.tag/proposal/node.def3
-rw-r--r--templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def7
-rw-r--r--templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def5
-rw-r--r--templates/vpn/ipsec/ike-group/node.def4
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def7
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def3
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def3
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def3
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/proposal/node.def3
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def5
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def7
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def5
-rw-r--r--templates/vpn/ipsec/logging/log-modes/node.def15
-rw-r--r--templates/vpn/ipsec/nat-traversal/node.def5
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.def7
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def3
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def5
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def2
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def5
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def5
-rw-r--r--templates/vpn/rsa-keys/rsa-key-name/node.def4
-rw-r--r--templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def2
27 files changed, 51 insertions, 83 deletions
diff --git a/templates/vpn/ipsec/esp-group/node.def b/templates/vpn/ipsec/esp-group/node.def
index 0ba76f8..988f5a2 100644
--- a/templates/vpn/ipsec/esp-group/node.def
+++ b/templates/vpn/ipsec/esp-group/node.def
@@ -1,6 +1,4 @@
tag:
type: txt
-help: Encapsulating Security Payload (ESP)
+help: Name of Encapsulating Security Payload (ESP) group
syntax:expression: pattern $VAR(@) "^[-_a-zA-Z0-9.]+$" ; "invalid ESP group name \"$VAR(@)\""
-comp_help: possible completions
- <text> Set the name of an ESP group
diff --git a/templates/vpn/ipsec/esp-group/node.tag/compression/node.def b/templates/vpn/ipsec/esp-group/node.tag/compression/node.def
index 178a4da..ba9f343 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/compression/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/compression/node.def
@@ -2,6 +2,5 @@ help: ESP compression
type: txt
default: "disable"
syntax:expression: $VAR(@) in "enable", "disable"; "must be enable or disable"
-comp_help: possible completions
- enable Set ESP compression enabled
- disable Set ESP compression disabled (default)
+val_help: enable; Enable ESP compression
+val_help: disable; Disable ESP compression (default)
diff --git a/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def b/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def
index 3634d6c..2690d54 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def
@@ -2,5 +2,4 @@ help: ESP lifetime
type: u32
default: 3600
syntax:expression: ($VAR(@) >= 30 && $VAR(@) <= 86400) ; "must be in the range 30 to 86400 seconds"
-comp_help: possible completions
- <30-86400> Set ESP lifetime in seconds (default 3600)
+val_help: u32:30-86400; ESP lifetime in seconds (default 3600)
diff --git a/templates/vpn/ipsec/esp-group/node.tag/mode/node.def b/templates/vpn/ipsec/esp-group/node.tag/mode/node.def
index 4a410a4..ce192bf 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/mode/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/mode/node.def
@@ -2,6 +2,5 @@ help: ESP mode
type: txt
default: "tunnel"
syntax:expression: $VAR(@) in "tunnel", "transport"; "must be tunnel or transport"
-comp_help: possible completions
- tunnel Set tunnel mode (default)
- transport Set transport mode
+val_help: tunnel; Tunnel mode (default)
+val_help: transport; Transport mode
diff --git a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
index b66b1ec..7185c27 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
@@ -2,8 +2,7 @@ help: ESP Perfect Forward Secrecy
type: txt
default: "enable"
syntax:expression: $VAR(@) in "enable", "disable", "dh-group2", "dh-group5"; "must be enable, disable, dh-group2 or dh-group5"
-comp_help: possible completions
- enable Enable PFS. Use ike-group's dh-group (default)
- dh-group2 Enable PFS. Use Diffie-Hellman group 2
- dh-group5 Enable PFS. Use Diffie-Hellman group 5
- disable Disable PFS
+val_help: enable; Enable PFS. Use ike-group's dh-group (default)
+val_help: dh-group2; Enable PFS. Use Diffie-Hellman group 2
+val_help: dh-group5; Enable PFS. Use Diffie-Hellman group 5
+val_help: disable; Disable PFS
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def
index 4d80a5e..22d1e16 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def
@@ -2,6 +2,5 @@ tag:
type: u32
help: ESP-group proposal [REQUIRED]
syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 65535) ; "must be between 1-65535"
-comp_help: possible completions
- <1-65535> Set the esp-group proposal number
+val_help: u32:1-65535; ESP-group proposal number
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
index 34e9705..1c02803 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
@@ -2,7 +2,6 @@ help: Encryption algorithm
type: txt
default: "aes128"
syntax:expression: $VAR(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"
-comp_help: possible completions
- aes128 Set aes128 encryption (default)
- aes256 Set aes256 encryption
- 3des Set 3des encryption
+val_help: aes128; AES-128 encryption (default)
+val_help: aes256; AES-256 encryption
+val_help: 3des; 3DES encryption
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def
index b4e5bd7..681f008 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def
@@ -2,6 +2,5 @@ help: Hash algorithm
type: txt
default: "sha1"
syntax:expression: $VAR(@) in "md5", "sha1"; "must be md5 or sha1"
-comp_help: possible completions
- md5 Set md5 hash
- sha1 Set sha1 hash (default)
+val_help: md5; MD5 hash
+val_help: sha1; SHA1 hash (default)
diff --git a/templates/vpn/ipsec/ike-group/node.def b/templates/vpn/ipsec/ike-group/node.def
index 857fa2f..2fe118a 100644
--- a/templates/vpn/ipsec/ike-group/node.def
+++ b/templates/vpn/ipsec/ike-group/node.def
@@ -1,6 +1,4 @@
tag:
type: txt
-help: Internet Key Exchange (IKE) configuration
+help: Name of Internet Key Exchange (IKE) group
syntax:expression: pattern $VAR(@) "^[-_a-zA-Z0-9.]+$" ; "invalid IKE group name \"$VAR(@)\""
-comp_help: possible completions
- <text> Set the name of an IKE group
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def
index 9cca902..ca722ab 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def
@@ -2,7 +2,6 @@ help: Keep-alive failure action
type: txt
default: "hold"
syntax:expression: $VAR(@) in "hold", "clear", "restart"; "must be hold, or clear, or restart"
-comp_help: possible completions
- hold Set action to hold (default)
- clear Set action to clear
- restart Set action to restart
+val_help: hold; Set action to hold (default)
+val_help: clear; Set action to clear
+val_help: restart; Set action to restart
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def
index e712142..4fdebe9 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def
@@ -2,5 +2,4 @@ help: Keep-alive interval
type: u32
default: 30
syntax:expression: ($VAR(@) >= 15 && $VAR(@) <= 86400) ; "must be between 15-86400 seconds"
-comp_help: possible completions
- <15-86400> Set keep-alive interval in seconds (default 30)
+val_help: u32:15-86400; Keep-alive interval in seconds (default 30)
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
index 5ea89b8..939be1c 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
@@ -2,7 +2,6 @@ help: Keep-alive timeout
type: u32
default: 120
syntax:expression: ($VAR(@) >= 30 && $VAR(@) <= 86400) ; "must be between 30-86400 seconds"
-comp_help: possible completions
- <30-86400> Set keep-alive timeout in seconds (default 120)
+val_help: u32:30-86400; Keep-alive timeout in seconds (default 120)
diff --git a/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def b/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
index 1bbf7c4..980ed94 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
@@ -2,5 +2,4 @@ help: IKE lifetime
type: u32
default: 28800
syntax:expression: ($VAR(@) >= 30 && $VAR(@) <= 86400) ; "must between 30-86400 seconds"
-comp_help: possible completions
- <30-86400> Set IKE lifetime (default 28800)
+val_help: u32:30-86400; IKE lifetime in seconds (default 28800)
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def
index f936d23..d269874 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def
@@ -2,6 +2,5 @@ tag:
help: IKE-group proposal [REQUIRED]
type: u32
syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 65535) ; "must be between 1-65535"
-comp_help: possible completions
- <1-65535> Set ike-group proposal
+val_help: u32:1-65535; IKE-group proposal
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
index 2056e39..d7c2fd5 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
@@ -1,6 +1,5 @@
help: Diffie-Hellman (DH) key exchange group
type: u32
syntax:expression: ($VAR(@) == 2 || $VAR(@) == 5); "must be 2 or 5"
-comp_help: possible completions
- 2 Set dh2
- 5 Set dh5
+val_help: 2; DH group 2
+val_help: 5; DH group 5
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
index 34e9705..1c02803 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
@@ -2,7 +2,6 @@ help: Encryption algorithm
type: txt
default: "aes128"
syntax:expression: $VAR(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"
-comp_help: possible completions
- aes128 Set aes128 encryption (default)
- aes256 Set aes256 encryption
- 3des Set 3des encryption
+val_help: aes128; AES-128 encryption (default)
+val_help: aes256; AES-256 encryption
+val_help: 3des; 3DES encryption
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def
index c8ffb9d..681f008 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def
@@ -2,6 +2,5 @@ help: Hash algorithm
type: txt
default: "sha1"
syntax:expression: $VAR(@) in "md5", "sha1"; "must be md5 or sha1"
-comp_help: possible completions
- md5 Set md5 hash
- sha1 Set sha1 hash (default)
+val_help: md5; MD5 hash
+val_help: sha1; SHA1 hash (default)
diff --git a/templates/vpn/ipsec/logging/log-modes/node.def b/templates/vpn/ipsec/logging/log-modes/node.def
index 978504f..f0dd9f4 100644
--- a/templates/vpn/ipsec/logging/log-modes/node.def
+++ b/templates/vpn/ipsec/logging/log-modes/node.def
@@ -2,11 +2,10 @@ multi:
help: Log mode
type: txt
syntax:expression: $VAR(@) in "raw", "crypt", "parsing", "emitting", "control", "all", "private" ; "must be one of the following: raw, crypt, parsing, emitting, control, all, private"
-comp_help: Additional pluto debug log options:
- raw
- crypt
- parsing
- emitting
- control
- all
- private
+val_help: raw; Debug log option for pluto
+val_help: crypt; Debug log option for pluto
+val_help: parsing; Debug log option for pluto
+val_help: emitting; Debug log option for pluto
+val_help: control; Debug log option for pluto
+val_help: all; Debug log option for pluto
+val_help: private; Debug log option for pluto
diff --git a/templates/vpn/ipsec/nat-traversal/node.def b/templates/vpn/ipsec/nat-traversal/node.def
index fb62c8f..d677aef 100644
--- a/templates/vpn/ipsec/nat-traversal/node.def
+++ b/templates/vpn/ipsec/nat-traversal/node.def
@@ -1,6 +1,5 @@
help: Network Address Translation (NAT) traversal
type: txt
syntax:expression: $VAR(@) in "enable", "disable"; "must be enable or disable"
-comp_help: possible completions:
- enable Set NAT-T enabled
- disable Set NAT-T disabled
+val_help: enable; Enable NAT-T
+val_help: disable; Disable NAT-T
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.def b/templates/vpn/ipsec/site-to-site/peer/node.def
index c7448b8..5c55bf7 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.def
@@ -1,7 +1,6 @@
tag:
type: txt
help: VPN peer
-comp_help: Allowed values:
- <x.x.x.x> Set IP address of the peer
- <text> Set the hostname of the peer
- @<text> Set the ID of the peer
+val_help: ipv4; IP address of the peer
+val_help: txt; Hostname of the peer
+val_help: @<text>; ID of the peer
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def
index 7454c7d..1ae62d5 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def
@@ -2,5 +2,4 @@ help: ID for peer authentication
type: txt
syntax:expression: pattern $VAR(@) "^@[[:alpha:]_]+(\.[[:alnum:]][-_[:alnum:]]*)*$"
; "invalid ID \"$VAR(@)\""
-comp_help:Possible completions:
- @<text> ID used for peer authentication
+val_help: @<text>; ID used for peer authentication
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def
index ddba87e..25f5f66 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def
@@ -2,6 +2,5 @@ help: Authentication mode
type: txt
default: "pre-shared-secret"
syntax:expression: $VAR(@) in "pre-shared-secret", "rsa"; "must be pre-shared-secret or rsa"
-comp_help: possible completions:
- pre-shared-secret Set authentication mode to use pre shared secret key
- rsa Set authentication mode to use RSA key
+val_help: pre-shared-secret; Use pre-shared secret key
+val_help: rsa; Use RSA key
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def
index ec1e90a..17f2d41 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def
@@ -1,4 +1,2 @@
help: ID for remote authentication
type: txt
-comp_help:Possible completions:
- <text> ID used for remote authentication
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def
index 1288fc0..d29d6fc 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def
@@ -2,6 +2,5 @@ help: Option to allow NAT networks
type: txt
default: "disable"
syntax:expression: $VAR(@) in "enable", "disable"; "must be enable or disable"
-comp_help: possible completions:
- enable Set NAT networks enabled
- disable Set NAT networks disabled (default)
+val_help: enable; Enable NAT networks
+val_help: disable; Disable NAT networks (default)
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def
index 74c6cee..c0325ca 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def
@@ -2,6 +2,5 @@ help: Option to allow public networks
type: txt
default: "disable"
syntax:expression: $VAR(@) in "enable", "disable"; "must be enable or disable"
-comp_help: possible completions:
- enable Set public networks enabled
- disable Set public networks disabled (default)
+val_help: enable; Enable public networks
+val_help: disable; Disable public networks (default)
diff --git a/templates/vpn/rsa-keys/rsa-key-name/node.def b/templates/vpn/rsa-keys/rsa-key-name/node.def
index 0aaf8ea..575b504 100644
--- a/templates/vpn/rsa-keys/rsa-key-name/node.def
+++ b/templates/vpn/rsa-keys/rsa-key-name/node.def
@@ -1,5 +1,3 @@
tag:
type: txt
-help: Remote RSA key
-comp_help: possible completions:
- <text> Set name of RSA key
+help: Name of remote RSA key
diff --git a/templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def b/templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def
index 29775a4..3fdcc18 100644
--- a/templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def
+++ b/templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def
@@ -1,4 +1,2 @@
help: Remote RSA key
type: txt
-comp_help: possible completions:
- <text> Set the actual RSA key